Pramiti Docs

Target Model

Blast radius calculation, tool classification, and semantic impact

The target model classifies tools by their action type and computes the blast radius of proposed actions — what downstream systems, entities, and data will be affected if the action proceeds.

How It Works

Tool Classifier (tool_classifier.py)

The ToolActionClassifier determines whether a tool call is a read (observation) or an action (mutation):

classifier = ToolActionClassifier(session)
is_action = classifier.classify("salesforce.update_contact", workspace_id)
# True = action (requires policy evaluation)
# False = read (pass-through)

Classification uses two strategies:

  1. Explicit DB metadata — The aegis_tool_metadata table stores per-tool classifications set by administrators
  2. Heuristic fallback — If no metadata exists, prefix-based heuristics classify tools (e.g., get_*, list_*, read_* = read; update_*, delete_*, create_* = action)

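Results are cached per workspace with a configurable TTL. Because reads pass through without policy evaluation (see Architecture), a tool misclassified as a read skips the policy engine, so explicit metadata is the safer choice for any tool whose name does not follow these prefixes.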

Impact Engine (impact_engine.py)

The AegisImpactEngine computes blast radius for proposed actions:

engine = AegisImpactEngine(session)
impact = engine.compute_impact(
    tool_name="salesforce.update_contact",
    arguments={"contact_id": "123"},
    workspace_id=workspace_id
)
# impact.affected_entities: list of AffectedEntity
# impact.rollback_plan: optional rollback instructions
# impact.severity: "low" | "medium" | "high" | "critical"

The impact engine:

  1. Matches the tool against registered impact rules using glob patterns
  2. Identifies affected entities (downstream systems, data stores, APIs)
  3. Computes severity based on the number and type of affected entities
  4. Generates rollback plans where possible
  5. Aggregates plan entries into human-readable summaries

Data Structures

AffectedEntity describes a single affected entity:

  • name — Entity identifier
  • type — Entity type (database, api, queue, etc.)
  • relationship — How this entity is affected (direct, cascade, etc.)
  • reversible — Whether the change can be rolled back

ImpactSet aggregates the blast radius:

  • affected_entities — List of all affected entities
  • severity — Aggregate severity level
  • rollback_plan — Combined rollback instructions
  • hash — Deterministic hash for attestation signing

Architecture

The target model integrates with the PDP:

Proposed Action
      ↓
ToolActionClassifier
    ├── Read → Pass-through (no evaluation)
    └── Action → PolicyEngine + ImpactEngine
                      ↓
              PolicyDecision + ImpactSet
                      ↓
              AttestationStore (records both)

Impact sets are hashed and included in attestation signatures, ensuring the blast radius computation is part of the tamper-evident audit trail.

Configuration

Impact rules are managed via the REST API:

POST /api/v1/aegis/impact-rules
{
  "workspace_id": "ws-1",
  "tool_patterns": ["salesforce.delete_*"],
  "affected_entities": [
    {"name": "Salesforce CRM", "type": "api", "relationship": "direct", "reversible": false},
    {"name": "Data Warehouse", "type": "database", "relationship": "cascade", "reversible": true}
  ],
  "severity": "high"
}

Technical Details

  • Tool classification caching uses a per-workspace TTL to handle dynamic tool registration
  • Impact rule matching uses fnmatch glob patterns (_tool_matches_patterns())
  • The hash_impact_set() function produces a deterministic hash for attestation signing
  • Rollback plans are aggregated from individual entity plans via _aggregate_plans()
  • The impact engine is PostgreSQL-only — no LLM or Oxigraph dependency
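
The glob matching and deterministic hashing described above, as an added example that is not Pramiti's own code. The names build_impact_set and hash_impact are hypothetical, the rules are constructed samples shaped like the REST body above, and both the "highest severity wins" merge and SHA-256 over canonical JSON are assumptions, since the page does not specify either.

```python
import hashlib
import json
from fnmatch import fnmatchcase

SEVERITY_ORDER = ["low", "medium", "high", "critical"]  # levels listed on the page

# Constructed sample rules, shaped like the POST /api/v1/aegis/impact-rules body.
RULES = [
    {"tool_patterns": ["salesforce.delete_*"], "severity": "high",
     "affected_entities": [
         {"name": "Salesforce CRM", "type": "api", "relationship": "direct", "reversible": False},
         {"name": "Data Warehouse", "type": "database", "relationship": "cascade", "reversible": True}]},
    {"tool_patterns": ["salesforce.*"], "severity": "low",
     "affected_entities": [
         {"name": "Salesforce CRM", "type": "api", "relationship": "direct", "reversible": False}]},
]


def _entity_key(e):
    return (e["name"], e["type"], e["relationship"], e["reversible"])


def build_impact_set(tool_name, rules):
    """Merge every rule whose glob matches; keep the highest severity (assumed policy)."""
    entities, severity = {}, None
    for rule in rules:
        # fnmatchcase is case-sensitive on every OS; fnmatch.fnmatch is not on Windows.
        if not any(fnmatchcase(tool_name, p) for p in rule["tool_patterns"]):
            continue
        for e in rule["affected_entities"]:
            entities[_entity_key(e)] = e  # de-duplicate entities shared by several rules
        if severity is None or SEVERITY_ORDER.index(rule["severity"]) > SEVERITY_ORDER.index(severity):
            severity = rule["severity"]
    if severity is None:
        return None  # no rule matched: the caller must decide how to treat unknown impact
    return {"affected_entities": list(entities.values()), "severity": severity}


def hash_impact(impact):
    """SHA-256 over canonical JSON: sorted entities, sorted keys, fixed separators."""
    canonical = {
        "severity": impact["severity"],
        "affected_entities": sorted(impact["affected_entities"], key=_entity_key),
    }
    blob = json.dumps(canonical, sort_keys=True, separators=(",", ":"), ensure_ascii=True)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()
```

Canonicalising before hashing is what lets a verifier recompute the same digest from a stored ImpactSet regardless of entity or key order, while any change to severity or entities produces a different digest.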
